Since this site runs WordPress, I was receiving huge amounts of spam. At first I tolerated it, but recently it became too much. I had to start adding more and more phrases to the blacklist, but it still persisted.

Fortunately, there was one very useful fact I noticed: it was all coming from the same set of IPs. Unfortunately, it’s always a bad idea to block IPs since they’re usually highly dynamic and can be spoofed.

But it did give me an idea: ask for some simple CAPTCHA when coming from an offending IP. I too dislike CAPTCHAs, and my primary goal was not to rely on external tools (otherwise I’d have signed up for a wordpress.com account and enabled Akismet). So I took advantage of a simple fact: the spambots were (probably) hitting many sites, and not targeting mine specifically.

What I decided to do was add a single text box to the comment form that requires a specific word or phrase, stated explicitly next to the box, to be entered. After thinking for a while about what a good word or phrase would be, I eventually settled on “please”. When commenting from a particular set of IPs, a user simply has to write “please” in a separate text box that asks for the word please to be entered. If it’s not there, the comment is discarded and I don’t have to manually mark it as spam. I don’t even know that an attempt was made in the first place.
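The check described above, sketched as an added example in plain PHP; it is not the plugin's own code. The address ranges, the `challenge_word` field name and the function names are assumptions made for illustration.

```php
<?php
// Constructed watch list: documentation-only ranges, not real offenders.
const CHALLENGED_RANGES = ['192.0.2.0/24', '198.51.100.17/32', '2001:db8::/32'];
const REQUIRED_WORD = 'please';

// True when $ip falls inside $cidr. Handles IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    // Reject unparsable input and mixed address families.
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false;
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && !ctype_digit($bits)) {
        return false;
    }
    $bits = $bits === null ? $max : (int) $bits;
    if ($bits > $max) {
        return false;
    }
    // Compare the whole bytes of the prefix, then the leftover bits.
    $full = intdiv($bits, 8);
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

// Decide whether to keep a comment. Pass the TCP peer address
// ($_SERVER['REMOTE_ADDR']), never a client-supplied header such as
// X-Forwarded-For, which the sender can set to anything.
function accept_comment(string $remoteAddr, array $form): bool
{
    foreach (CHALLENGED_RANGES as $cidr) {
        if (ip_in_cidr($remoteAddr, $cidr)) {
            $raw = $form['challenge_word'] ?? '';   // hypothetical field name
            // A non-string value (e.g. challenge_word[]=x) counts as a miss.
            return is_string($raw) && strtolower(trim($raw)) === REQUIRED_WORD;
        }
    }
    return true; // Address not on the list: no challenge required.
}
```

In WordPress, a function like `accept_comment` would be called from a `preprocess_comment` filter, with the extra text box rendered only for listed addresses.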

So I wrote it, and having waited a few days I haven’t had a single spam comment. I’m deeming this a success, and you can find the plugin on GitHub. Hopefully it helps you too.